package com.aegis.common.web.xss;

import org.jsoup.safety.Safelist;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author wuweixin
 *
 * @version 1.0
 * @description
 */
@Configuration
public class JsoupConfig {

    /**
     * Elements that are additionally allowed to carry an inline {@code style}
     * attribute. Adjust this list to match what the rich text editor emits.
     * Links ({@code a}) are not listed; be cautious about allowing
     * {@code style} on such tags.
     */
    private static final String[] STYLE_ENABLED_TAGS = {
        "span", "p", "div",
        "h1", "h2", "h3", "h4", "h5", "h6",
        "ul", "ol", "li",
        "strong", "em", "u", "strike",
        "blockquote"
    };

    /**
     * Builds the {@link Safelist} bean used for Jsoup cleaning.
     *
     * <p>The list starts from {@link Safelist#relaxed()} and then permits the
     * {@code style} attribute on the formatting elements named in
     * {@link #STYLE_ENABLED_TAGS}.
     *
     * <p><b>Security note:</b> Jsoup only decides whether the {@code style}
     * attribute may stay on an element; it does NOT inspect or sanitize the
     * CSS inside it. Whatever declarations the submitter wrote are kept, so
     * allowing {@code style} carries a CSS-injection risk. Permit it only when
     * it is really required and the source is trusted, or add a separate check
     * of the style value where that is possible.
     *
     * <p>NOTE(review): {@code Safelist} is mutable and this method returns the
     * instance directly; callers that inject the bean should presumably treat
     * it as read-only so that one consumer cannot widen the policy for the
     * others - confirm against the call sites.
     *
     * <p>Further tags or attributes needed by the editor (for example
     * {@code figure}/{@code figcaption} with a {@code class} attribute) can be
     * added to the returned list here.
     *
     * @return the configured Safelist bean
     */
    @Bean
    public Safelist customSafelist() {
        Safelist policy = Safelist.relaxed();

        // Same effect as one addAttributes(tag, "style") call per tag.
        for (String tag : STYLE_ENABLED_TAGS) {
            policy.addAttributes(tag, "style");
        }

        return policy;
    }
}